Block or fail all requests not in the replay?

I’m interested in using mitmproxy’s server replay functionality to create automated tests for part of a website I’m developing.

For this, I’d like for mitmproxy to explicitly block or otherwise just fail to connect to anything in the “real world” that is not part of the replay simulation during these tests. No passthrough allowed.

Any ideas on how this can be achieved?

For clarity, here is a simple summary of what I’m doing so far:

  1. Run mitmdump -p8506 -w outfile.replay
  2. Set up Firefox in proxy settings for mitmproxy and install the certificate from the address.
  3. Play out my interaction with Firefox in the browser (for example, a simple login)
  4. Stop the mitmdump recording.
  5. Replay with mitmproxy -S outfile.replay -p8506.

Now of course when I do this, the replay works great for everything in the replay but I can also go to Newgrounds or Google or whatever.

In my case, the tests are literally a bunch of HTTP calls to endpoints mocked by mitmproxy in replay mode and I really need to be sure I am not ever going to write a test that accidentally interacts with a production system in any way at minimum. Ideally I would get some kind of instant 404 response for non-matched requests and not have to wait for a timeout either… .but whatever works is good enough for me.

I think what I was looking for was the --set server_replay_kill_extra=true flag.

Something like this:

mitmproxy -S outfile.replay -p8506 --set server_replay_kill_extra=true --set server_replay_nopop=true.

This flag seems to cause requests that aren’t in the replay to timeout from the perspective of the client.